On Mon, Oct 29, 2012 at 8:04 PM, Matthew Woodward <m...@mattwoodward.com> wrote:
> Semi-new to Django and working on my first "real" app, and I have a need
> based on the user's credentials to display forms as either editable or
> read-only. (Note this doesn't have anything to do with the Django admin in
> case that has any bearing on the discussion.)
>
> Is there some fancy whiz-bang filter or middleware-type doo-dad (you can
> tell I'm still learning all the terminology) that would easily make all form
> fields read only?
>
> I thought about using JavaScript (this is an internal app so we can mandate
> JavaScript be enabled) but before I went that route figured I'd ask if
> anyone has had to do this and how they approached it.
>
> Personally I think it's weird to show someone a form they can't edit as
> opposed to just dumping them to a static display page, but wasn't my call.
>
> Thanks!

You *might* be able to do this with a class that you add to the form tag
when you're read only, and CSS rules for the various types of inputs that
make them disabled when used as a descendant of something with that
class.  You should still, of course, protect in the view against a disallowed
user submitting the form -- we all know that bad guys can use Firebug to
modify the DOM, right?  Another protective hack would be to omit the
CSRF token when the form is read only.

Bill
